Governance, Risk & Compliance Analyst

Docebo
Toronto, Ontario, Canada
Hybrid, Onsite
Artificial Intelligence. Actual Impact.
At Docebo, AI isn’t just a buzzword — it’s how we help teams move faster, perform better, and focus on the work that actually matters. Our learning platform is built with smart, time-saving tools that personalize training, cut the busywork, and make learning feel like less of a chore (and more of a superpower).

We’re building the future of learning, and we’re doing it with a team that loves to challenge the status quo. If you're excited by the idea of using AI to make work-life better for real people — not just in theory — you're in the right place.

Still thinking it over? At Docebo, values aren’t just posters on the wall — they show up in how we work every day.

We lead with what we call the Docebo Heart: we trust each other, assume positive intent, and make space for the differences that make our team stronger. So… what are you waiting for? Join 900+ Docebians around the world and help us reinvent the way people learn.

About This Opportunity:


The role of Docebo’s Governance, Risk & Compliance Analyst II is crucial for developing, implementing, and maintaining the company's comprehensive security and compliance posture. This position balances the critical internal functions of governance and risk management with the external need to demonstrate the business value of a solid compliance program to prospects and customers. This role is essential for ensuring that Docebo adheres to a wide range of regulatory frameworks and maintains robust security measures.

Collaborating with internal teams to build and enforce policies, they also work closely with Sales & Legal teams to effectively address customer compliance and security requirements. This role involves leading continuous improvement efforts in our control environment and staying current on emerging compliance regulations, security threats, and industry best practices.

To be successful as a Governance, Risk & Compliance Analyst II, you need a proactive and structured approach to building and managing security and compliance programs. Strong, hands-on experience in developing security policies, conducting risk assessments, and managing audit cycles is crucial. Excellent analytical, problem-solving, and communication skills are essential, as you’ll collaborate with various teams, external partners, and auditors.

To enhance your effectiveness in this role, a Bachelor’s degree in computer science, information security, or a related field is beneficial. Certifications such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP) can further strengthen your qualifications. Additionally, proficiency in GRC platforms (e.g., Drata, OneTrust) will support your success.

Responsibilities:


  • Governance, Policy, and Control Management: Develop, maintain, and enhance cybersecurity and privacy policies, standards, and control frameworks to align with key industry regulations (e.g., PCI DSS, ISO 27001, SOC 2, ISO 42001) and business objectives.
  • Risk Management & Assessments: Conduct and coordinate comprehensive cybersecurity risk assessments across the organization to identify, evaluate, and prioritize risks. Develop, monitor, and track risk treatment and remediation plans, providing guidance to stakeholders on mitigation strategies.
  • Internal and External Audit Support: Lead and coordinate Docebo’s activities for both internal and external audits (e.g., ISO 27001/42001, SOC 2, PCI DSS, SOX), including evidence collection, interfacing with auditors, and managing findings to ensure successful certification and compliance.
  • Customer Engagement and Response: Respond to customers’ security and privacy related inquiries, compile comprehensive responses (mainly RFI, RFP, and RFQ), and address compliance questionnaires, ensuring timely and accurate information dissemination to actively support the sales process.
  • Vendor Risk Assessment and Monitoring: Support the evaluation of company third-party vendor-associated risks, monitor security controls, and maintain risk management reporting dashboards to mitigate risk and effectively qualify company suppliers, in collaboration with the GRC team.
  • Cross-functional collaboration: Collaborate across all company departments to embed security controls and align compliance, security, and privacy efforts with business objectives. Consult with departments to assess changes, advise on compliance obligations, and support the evolution of company compliance programs.
  • Documentation and Reporting: Maintain comprehensive documentation of compliance activities, including policies, risk assessments, and audit findings. Prepare detailed reports on the status of the GRC program for management and regulatory authorities.

Requirements:


  • Typically 4+ years of relevant work experience.
  • Working experience in IT Risk Management, Governance, or a similar Information Security role.
  • Direct, hands-on experience developing security policies, conducting risk assessments, and managing internal/external audit cycles for a SaaS company.
  • Working knowledge of information security principles, trends, and best practices, specifically cloud environments and services (e.g., AWS, Azure, GCloud).
  • Knowledge of GDPR requirements and other data privacy laws (e.g., CCPA, PIPEDA).
  • Knowledge of ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27701, ISO 9001, SOX, DORA, NIST CSF, and AICPA/ISAE 3000 SOC 2 & PCI DSS.
  • Knowledge of 21 CFR Part 11.
  • FedRAMP framework knowledge.

Benefits & Perks 😍

  • Generous Vacation Policy, plus extra floating holidays to use for religious or cultural events that matter to you
  • Employee Share Purchase Plan
  • Career progression/internal mobility opportunities
  • Four employee resource groups to get involved with (the Docebo Women's Alliance, PRIDE, BIDOC, and Green Ambassadors)
  • WeWork partnership and “Work from Anywhere” program

Hybrid Office Model 🏢

We believe when people are together, they develop deeper relationships and accelerate innovation. Because of this, all Docebo employees worldwide are “hybrid.” We encourage in-person collaboration while supporting work-from-home when employees need dedicated focus time, allowing Docebians to do their best every day. Each team leader is able to decide how often their teams come into the office, considering the needs of the team and the employee’s needs. Our Talent Acquisition team will let you know about the role you are applying for and the hybrid details during the first interview.

About Docebo 💙

Here at Docebo, we power learning experiences for over 3000 customers around the world with our easy-to-use, AI-powered Suite designed to close the enterprise learning loop.

We have successfully achieved 2 IPOs (TSX: DCBO & NASDAQ: DCBO), been recognized as a Top SaaS e-learning Solution, and are growing exponentially in the process.

Docebo is a global company with offices in North America, EMEA, APAC and more. Our people believe in six core values, simply defined and manifested in everything we do - Innovation, Simplicity, Accountability, Togetherness, Curiosity, and Impact. If this sounds like you, now is your time to join one of the fastest-growing learning technology companies on the market.

Apply today!

Docebo is an Equal Employment Opportunity employer. We are committed to diversity and inclusion in our workforce. All qualified applicants and employees will receive consideration for employment regardless of their race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, citizenship status, age, disability, genetic information, or any other category protected under applicable law.

Any individuals requiring a reasonable accommodation to assist with their job search or application for employment should send an e-mail to recruiting_accommodations (at) docebo.com. The e-mail should include a description of the requested accommodation and the position you’re applying for or interested in.

Life at Docebo

Trusted by 1,600+ companies worldwide, the Docebo Learning Platform brings together the enterprise LMS you need, the social learning experience your learners want, and the power of Artificial Intelligence to make learning your competitive advantage.

Thrive Here & What We Value

1. Values-driven culture where innovation is at the center of everything we do.
2. Embodying Docebo Heart: trust teammates, assume the best of one another, and hold space for all differences that make us better.
3. Global presence with offices in North America, EMEA, APAC, etc.
4. Four employee resource groups (Docebo Women's Alliance, PRIDE, BIDOC, Green Ambassadors).
5. Hybrid Office Model: encourage collaboration and support work-from-home for focused time.